Re: Delegating Control...
- From: v-jasont@xxxxxxxxxxxxxxxxxxxx (Jason Tan (MSFT))
- Date: Fri, 16 Sep 2005 13:23:38 GMT
Hi Harrision,
Thanks for your reply!
Based on my search, I cannot find the document which describes all the
permissions since it could be much more due the different requirement. You
may consider which permission should be granted to objects to custom a
delegate of control.
1. Join Computers to the domain
2. Move computers between OU's
3. Reset user passwords
4. Create Exchange Mailboxes
5. Add and remove groups to users.
I would like to provide you with some information for your reference:
1. Join Computers to the domain.
By default, domain user has permission to join 10 clients into domain.
2. Move computers between OU's
You may want to delegate user/group create, list, view permission to the
two OUs.
3. Reset user passwords
This is a common task which you may delegate to users/groups. Please refer
to "Reset user passwords and force password change at next logon" option in
common task.
4. Create Exchange Mailboxes
You may attempt to use common task "create, delete, and manage user
accounts."
5. Add and remove groups to users.
You may want to delegate users/groups full control permission to the groups
object.
More information for your reference:
Step-by-Step Guide to Using the Delegation of Control Wizard
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/
directory/activedirectory/stepbystep/ctrlwiz.mspx
Use this wizard to delegate administrative control
http://www.windowsitpro.com/Article/ArticleID/22555/22555.html?Ad=1
Delegation of Control Wizard
http://www.serverwatch.com/tutorials/article.php/10825_1472441_2
Hope the information helps. If there is anything that is unclear, please
feel free to let me know.
Thanks & Regards,
Jason Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Reply-To: "Harrison Midkiff" <HMidkiff@xxxxxxxxxx>
| From: "Harrison Midkiff" <HMidkiff@xxxxxxxxxx>
| References: <ODLlinWuFHA.2064@xxxxxxxxxxxxxxxxxxxx>
<EBD19F1E-4898-40BF-B668-F2380D2F4442@xxxxxxxxxxxxx>
<bIxy4cduFHA.3640@xxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Delegating Control...
| Date: Thu, 15 Sep 2005 18:48:29 -0400
| Lines: 124
| Organization: Audio Visual Innovations, Inc.
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| Message-ID: <#Jv#XekuFHA.3792@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.win2000.active_directory
| NNTP-Posting-Host: 208.5.55.190
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.win2000.active_directory:33561
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| Jason:
|
| Thanks for replying to my post.
|
| I know how to do the Delegation of Control, but the descriptions of all
the
| permissions are not very good. Do you know any place that has good
| descriptions of these?
|
| Harrison Midkiff
| "Jason Tan (MSFT)" <v-jasont@xxxxxxxxxxxxxxxxxxxx> wrote in message
| news:bIxy4cduFHA.3640@xxxxxxxxxxxxxxxxxxxxxxxx
| > Hello harrison,
| >
| > Thanks you posting!
| >
| > I agree with kapil. You may follow his helpful suggestion. More
| > information
| > below is for your reference:
| >
| > 888204 How to use the Delegation of Control Wizard to grant permissions
to
| > a
| > http://support.microsoft.com/?id=888204
| >
| > 315676 HOW TO: Delegate Administrative Authority in Windows 2000
| > http://support.microsoft.com/default.aspx?scid=kb;en-us;315676
| >
| > 883381 Delegating administrator roles to an administrative group can
grant
| > the
| > http://support.microsoft.com/?id=883381
| >
| > 304935 How to set Exchange Server 2000 and 2003 mailbox rights at the
time
| > of
| > http://support.microsoft.com/?id=304935
| >
| > Hope the information helps. If there is anything that is unclear, please
| > feel free to let me know.
| >
| > Thanks & Regards,
| >
| > Jason Tan
| >
| > Microsoft Online Partner Support
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| >
| > When responding to posts, please "Reply to Group" via your newsreader so
| > that others may learn and benefit from your issue.
| >
| > =====================================================
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| >
| >
| > --------------------
| > | Thread-Topic: Delegating Control...
| > | thread-index: AcW5uks0VtgKAxwDQMKh1bAO+sGjUQ==
| > | X-WBNR-Posting-Host: 203.99.195.2
| > | From: "=?Utf-8?B?a2FwaWw=?=" <kapil@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | References: <ODLlinWuFHA.2064@xxxxxxxxxxxxxxxxxxxx>
| > | Subject: RE: Delegating Control...
| > | Date: Wed, 14 Sep 2005 22:57:02 -0700
| > | Lines: 33
| > | Message-ID: <EBD19F1E-4898-40BF-B668-F2380D2F4442@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.win2000.active_directory
| > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.win2000.active_directory:33520
| > | X-Tomcat-NG: microsoft.public.win2000.active_directory
| > |
| > | Hello harrison,
| > |
| > | you can definatly find these options but for that you have to do a
| > customize
| > | delegation. that will give you all the options. Also be careful about
| > the
| > | adminSDHolder
| > |
| > | you can also go through article: KB 817433
| > |
| > | need help mail me.
| > |
| > | "Harrison Midkiff" wrote:
| > |
| > | > Hello:
| > | >
| > | > After a series of errors due to to many people having domain admin
| > accounts
| > | > I have finally decided to run the Delegation of Control wizard and
| > restrict
| > | > users access. I created a group and want to only allow them to do
the
| > | > following.
| > | >
| > | > 1. Join Computers to the domain
| > | > 2. Move computers between OU's
| > | > 3. Reset user passwords
| > | > 4. Create Exchange Mailboxes
| > | > 5. Add and remove groups to users.
| > | >
| > | > I tried to use the Delegation of Control wizard but it didn't seems
to
| > give
| > | > me these options. Does anyone have experience running this who
could
| > help
| > | > me out. Thanks.
| > | >
| > | > Harrison Midkiff
| > | >
| > | >
| > | >
| > |
| >
|
|
|
.
- Follow-Ups:
- Re: Delegating Control...
- From: JPolicelli
- Re: Delegating Control...
- References:
- Delegating Control...
- From: Harrison Midkiff
- RE: Delegating Control...
- From: Jason Tan (MSFT)
- Re: Delegating Control...
- From: Harrison Midkiff
- Delegating Control...
- Prev by Date: Re: Group Policy being enforced
- Next by Date: Failed Server on ADS Network
- Previous by thread: Re: Delegating Control...
- Next by thread: Re: Delegating Control...
- Index(es):
Relevant Pages
|
